<?php

$email = trim($_POST['email']);
$password = passwordmd5(trim($_POST['password']));

$sql = "SELECT * FROM `user` WHERE `email` = '$email' AND `password` = '$password';";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1) {
    $row = mysql_fetch_assoc($result);
    $_SESSION['logged'] = TRUE;
    $_SESSION['email'] = $email;
    $_SESSION['id'] = $row['id'];
    $_SESSION['name'] = $row['name'];
    $_SESSION['level'] = $row['level'];

    print "<script language='javascript'>
        window.location.href='./';
        </script>";
} else {
    print "<script language='javascript'>
        alert('Your e-mail and password do not match.');
        window.location.href='?url=signin';
        </script>";
}
?>
